
CVE-2011-3869: Puppet arbitrary file overwrite

CVSS Score: 6.3

Basic Information

EPSS Score: 0.12124%
Published: 5/14/2022
Updated: 1/19/2024
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| puppet | rubygems | < 2.6.11 | 2.6.11 |
| puppet | rubygems | >= 2.7.0, < 2.7.5 | 2.7.5 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the insecure file write operation in the k5login type. The GitHub patch explicitly replaces `File.open` with `Puppet::Util.secure_open` in the `write` method of `k5login.rb`, indicating this was the vulnerable code path. The original `File.open` call lacked symlink safety checks, enabling TOCTOU attacks. The commit message and CWE-59 context confirm this is a classic symlink race condition vulnerability.
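
The difference between a write that follows symlinks and one that refuses them, as an added Ruby example (not Puppet's code and not the implementation of `Puppet::Util.secure_open`). The helpers `naive_write`, `nofollow_write` and `demo` and the file names are hypothetical, and the scenario is constructed inside a temporary directory.

```ruby
require "tmpdir"

# Hypothetical helper standing in for a plain File.open write: it follows
# a symlink at `path` and truncates whatever the link points to.
def naive_write(path, content)
  File.open(path, "w") { |f| f.write(content) }
end

# Hypothetical hardened helper (an assumption, not Puppet's secure_open):
# O_NOFOLLOW makes the open itself fail with ELOOP when the final path
# component is a symlink, so no gap exists between a check and the write.
def nofollow_write(path, content)
  flags = File::WRONLY | File::CREAT | File::NOFOLLOW
  File.open(path, flags, 0o600) do |f|
    f.truncate(0) # truncate only after the open proved it is not a link
    f.write(content)
  end
  true
rescue Errno::ELOOP
  false
end

# Constructed scenario: ".k5login" is a symlink in a directory the local
# user controls, pointing at a file the writing process is able to modify.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim.conf")
    link   = File.join(dir, ".k5login")
    File.write(victim, "original\n")
    File.symlink(victim, link)

    refused = !nofollow_write(link, "user@EXAMPLE.COM\n")
    intact  = File.read(victim) == "original\n"

    naive_write(link, "user@EXAMPLE.COM\n")
    clobbered = File.read(victim) != "original\n"

    { refused: refused, intact: intact, clobbered: clobbered }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

`O_NOFOLLOW` only covers the last path component. A symlinked parent directory still needs separate handling, for example by writing as the file's owner rather than as root.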


WAF Protection Rules

WAF Rule

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and *.**.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
